working group reports meeting wrap-up. march 2001 120 meeting attendees day one – pki forum,...
TRANSCRIPT
![Page 1: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/1.jpg)
Working Group Reports
Meeting Wrap-up
![Page 2: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/2.jpg)
March 2001
• 120 meeting attendees• Day one – PKI Forum, Industry Analyst, PKI
Executives & End User• First “release” of PKI Forum Deliverables• 1.5 days of working group sessions
![Page 3: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/3.jpg)
Future Meetings
• Next meeting in June– Contract in progress for Munich June 19-21
(thanks to Walter Fumy for helping with venue selection)
• September in Toronto?• Nov/Dec in Asia Pacific?• Please respond to survey – a shorter one will
be issued the working groups
![Page 4: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/4.jpg)
Policy and Privacy Working Group Meeting Report
![Page 5: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/5.jpg)
Research Information Project
Review existing PKI policy guidelines and certificate policies for inclusion on the Web Site. Establish links to the Australian comparative site.
Action: Recommend BOD support for Virtual follow-up
![Page 6: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/6.jpg)
Research Information Project
Develop a framework (toolkit?) for planning policy and procedure development in support of PKI implementation. It is a tool to define process of implementing PKI and provide scoping to help PKI implementers in the development of their organization’s policy. This will also help organizations through the maze of documentation required for PKI. Possible components include:
• PKI Policy Questionnaire• Selected PKI Policies and Documents• PKI Policy Development Plan • Templates, Guidelines and Support Resources• Entities which must be engaged. Action: Interim meeting scheduled for April 27 in
Washington, DC.
![Page 7: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/7.jpg)
Project – White Paper
Write a white paper describing how PKI, currently and in the future, can enable e-business beyond providing authentication and data integrity security services. The white paper will focus on three business areas: law enforcement, health care, and financial services. It will address privacy and data protection mandates in these sectors, as well as issues such as archive, business continuity, and off-line retention and management of business information. This will also serve as input to the Technical Working Groups on what business requires in order to make the emerging PKI confusion into a (hopefully) seamless and transparent experience for the end user.
Action: Business areas assigned and draft due for June meeting
![Page 8: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/8.jpg)
Project – White Paper
Prepare a white paper examining the principal requirements of UETA and the U.S. E-sign bill as against the European qualified certificate and signature and other major international electronic signature laws and consider how to have applications systems that must operate with both, and must be able to detect their characteristics.
Action: Deferred
![Page 9: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/9.jpg)
Project – White Paper
Write a white paper to understand, compare and differentiate audit requirements used by bodies such as AICPA, APEC, Australia's Gatekeeper, Italy's AIPA, Identrus, etc. Working with these bodies, the paper will identify where requirements are identical and where they differ and address the interoperability of audit requirements.
Action: Assigned, Arthur Andersen lead project
![Page 10: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/10.jpg)
Best Practices Working Best Practices Working GroupGroup
SummarySummary
March 14, 2001March 14, 2001
San Jose, CASan Jose, CA
![Page 11: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/11.jpg)
Best Practices BWG SummaryBest Practices BWG Summary
Wednesday, March 14• Define White Papers: (Create detailed list)
– Business Risk Assessment (Jeff for ideas)– Define Business & Tech Requirements– Decision: Acquisition vs Implementation– Follow the CA Trust Specification– Leverage past work within your community of interest for the
structure of the PKI (Identrus for FI, Federal Bridge & European Bridge for Gov’t, etc)
– Plans to move operationally from the Pilot to Production– Need: FAQ &Lessons Learned Database– May structure other future items
![Page 12: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/12.jpg)
Best Practices BWG SummaryBest Practices BWG Summary
Wednesday, March 14
• Business Risk Assessment– Business needs analysis must be completed
first– List of questions and process for determining
the need for PKI.
![Page 13: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/13.jpg)
Best Practices BWG SummaryBest Practices BWG Summary
• Elements of a Needs Analysis– How are your employees authenticated from home?– How do customers access information?– What information do you want to make available?– What is the value of this information?– What initiatives are impacting your business? What are the
three top issues? When will they impact your business?– What are the human bottlenecks for transaction processing,
such as travel, purchasing, information accuracy, order processing, and application approval & acceptance?
– Are fraud and erroneous processing an issue? If so, where and how do they occur?
– Are you concerned with controlling and managing access to your corporate information?
![Page 14: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/14.jpg)
Best Practices BWG SummaryBest Practices BWG Summary
• Elements of a Needs Analysis– What is the impact of a security breech to your
credibility, IP, and corporate assets?– List of drives for PKI over the next 2 years:
• Financials: GBL (Grahem Leitch-Biley• Children: COPA• Safeharbour: EU Directive• Bill C-6 in Canada• EUTA: • ACES:• PDD 63: Critical Infrastructure protection
![Page 15: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/15.jpg)
Best Practices BWG SummaryBest Practices BWG Summary
• Elements of a Needs Analysis– PKI Sweet Spot:
• Authentication• Authorization• Integrity• Confidentiality• Non-repudiation• Accountability
![Page 16: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/16.jpg)
Best Practices BWG Summary
• Other Tools: eg PMI, Username/password, encryption, CHAP
• Authentication: • Authorization:• Integrity• Confidentiality• Non-repudiation• Accountability
• What is the cost benefit of trading existing tools with PKI
![Page 17: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/17.jpg)
Best Practices BWG SummaryBest Practices BWG Summary
Wednesday, March 14• AICPA:
– US & Canada adopted– 15 other countries in evaluation mode– Leads to the final ISO standard TC68/2/8– Motion for the BPWG to endorse both the AICPA/CICA
audit standard and ANSI X9.79 as tools for achieving best practices. We also expect to endorse the final ISO version of this standard.
– Endorsements from: DST, Verisign, Identrus, Microsoft?– How do we create momentum from the industry and
customers? Marketing WG to leverage, lobby & educate
![Page 18: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/18.jpg)
Results of BWG - Applications
• Formulation of Templates for the following deliverables
• Applications Overview• Things to Consider Overview • Case Studies – Lessons Learned, Business Case
• Call for participants (email sign-up)• June meeting: Overviews ready, One Case Study
![Page 19: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/19.jpg)
Education & Marketing WG
San Jose March 2001
![Page 20: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/20.jpg)
Mission Statement
The Marketing & Education Work Group’s mission is to create and disseminate informational pieces that help promote the understanding and value of PKI from both a business and technical perspective.
![Page 21: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/21.jpg)
Logistics
• Obtain BWG alias for Ed & Mktg• ConCalls every second Wed of each month at
8:00 am Pacific Time (works for AP, Europe, North America) agenda will be emailed 1 week prior
• Next Face to Face at RSA Conference. Meeting place TBD/ concall at the usual time 8:00, April 11th.
![Page 22: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/22.jpg)
Project Update: PKI Tutorial
• “How PKI Addresses e-Business Risks”– Reviewed and signed off– Will go to Virtual Inc for production
![Page 23: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/23.jpg)
Project Update : PKI Technical Tutorial
– Walter Project Lead– Coauthors: Bill Franklin & Nancy Bianco, Michele Rubenstein – Outline draft circulated– 1 Doc draft targeted for April 11, 2001– Draft of the outline 3/15– Submit to inerall email out to group today -Bryta– Comments on Outline back March 20, 2001– Decent 1st draft: April 11th (meeting date)
![Page 24: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/24.jpg)
.Project Update: Security in E-Business
• Bill Garvin: Project Lead• Coauthors : Mike Jeffries, Dan Morrison, Bill Franklin• Target audience: Business Managers• Out line Draft for comment by :March 15, 2001• Comments due by: March 2, 2001• 1st Doc Draft: April 5, 2001
![Page 25: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/25.jpg)
New Project: PKI Buyer’s Guide Tutorial
– Project Leader: Leo Pluswick– Project Plan
• Comments on initial material due - April 15, 2001
• Consolidate comments/content - April 30, 2001• TWG & BWG Review - May 4, 2001• Publish July 12, 2001
![Page 26: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/26.jpg)
New Project: PKI note on Biometrics
• Project Leaders - Jeff Stapleton & Bill Franklin– 2nd draft date: March 15th, 2001
![Page 27: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/27.jpg)
Wrap
• Questions?• Thank You!
![Page 28: Working Group Reports Meeting Wrap-up. March 2001 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release”](https://reader030.vdocuments.site/reader030/viewer/2022032606/56649e8b5503460f94b90b96/html5/thumbnails/28.jpg)
March 2001 – San Jose